From 1b4002e0b7bedad11a3efd43ea899b4db9a9c82a Mon Sep 17 00:00:00 2001
From: stronk7
Date: Wed, 17 Nov 2004 00:14:34 +0000
Subject: [PATCH] Just changing some parameters stuff to new functions... See SC and Bug 1837 Merged from MOODLE_14_STABLE
---
 mod/glossary/approve.php | 7 ++-----
 mod/glossary/comment.php | 3 +--
 mod/glossary/deleteentry.php | 6 ++----
 mod/glossary/edit.php | 7 ++-----
 mod/glossary/editcategories.php | 9 +++------
 mod/glossary/exportentry.php | 6 ++----
 mod/glossary/formats.php | 3 +--
 mod/glossary/print.php | 9 +++------
 mod/glossary/view.php | 28 +++++++---------------------
 9 files changed, 23 insertions(+), 55 deletions(-)
diff --git a/mod/glossary/approve.php b/mod/glossary/approve.php
index 1abbcce534..22ac3c27d3 100644
--- a/mod/glossary/approve.php
+++ b/mod/glossary/approve.php
@@ -6,11 +6,8 @@
 require_variable($id); // Course Module ID
 optional_variable($eid); // Entry ID
- optional_variable($mode,"approval");
- optional_variable($hook,"ALL");
-
- $mode = strip_tags(urldecode($mode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
+ $mode = optional_param('mode','approval');
+ $hook = optional_param('hook','ALL');
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
diff --git a/mod/glossary/comment.php b/mod/glossary/comment.php
index d3d676be93..5a2c8d2da3 100644
--- a/mod/glossary/comment.php
+++ b/mod/glossary/comment.php
@@ -8,10 +8,9 @@
 require_variable($eid); // Entry ID
 optional_variable($cid,0); // Comment ID
- optional_variable($action,"add"); // Action to perform
 optional_variable($confirm,0); // Confirm the action
- $action = strip_tags(urldecode($action)); //XSS
+ $action = optional_param('action','add');
 $action = strtolower($action);
diff --git a/mod/glossary/deleteentry.php b/mod/glossary/deleteentry.php
index 43d36de170..e1ea1fd1c5 100644
--- a/mod/glossary/deleteentry.php
+++ b/mod/glossary/deleteentry.php
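Review bot: In mod/glossary/approve.php the new `optional_param('mode','approval')` and `optional_param('hook','ALL')` calls name no cleaning type, so the tag stripping that the removed `strip_tags(urldecode(...)); //XSS` lines made explicit now depends entirely on the helper's default, which this patch does not show. The same applies to every `optional_param()`/`required_param()` call added in the other eight files. Either pass the expected type explicitly where the helper accepts one, or keep a short trailing comment such as `// cleaned by optional_param() default (replaces strip_tags, XSS)` so the protection stays visible to the next reader. It is also worth confirming that `$mode` and `$hook` are still HTML-escaped wherever they are echoed into links or form fields; that code is outside this hunk.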
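Review bot: In mod/glossary/comment.php `$action` comes straight from the request and is only lowercased; nothing in this hunk restricts it to the actions the page actually implements. If the dispatch further down (outside the hunk) does not already reject unknown values, add an allow-list check right after `$action = strtolower($action);` that calls `error()` for anything unexpected, so an unrecognised action fails closed instead of falling through. The second hunk of editcategories.php has the same `optional_param('action')` followed by `strtolower($action)` pattern. The trailing `// Action to perform` comment was dropped with the old line and could be kept on the new one.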
@@ -6,11 +6,9 @@
 require_variable($id); // course module ID
 optional_variable($confirm); // commit the operation?
 optional_variable($entry); // entry id
- require_variable($prevmode); // current frame
- optional_variable($hook); // pivot id
- $prevmode = strip_tags(urldecode($prevmode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
+ $prevmode = required_param('prevmode');
+ $hook = optional_param('hook');
 $strglossary = get_string("modulename", "glossary");
 $strglossaries = get_string("modulenameplural", "glossary");
diff --git a/mod/glossary/edit.php b/mod/glossary/edit.php
index e3e958de37..56dbbe7acc 100644
--- a/mod/glossary/edit.php
+++ b/mod/glossary/edit.php
@@ -9,11 +9,8 @@
 require_variable($id); // Course Module ID
 optional_variable($e); // EntryID
 optional_variable($confirm,0); // proceed. Edit the edtry
-optional_variable($mode); // categories if by category?
-optional_variable($hook); // CategoryID
-
-$mode = strip_tags(urldecode($mode)); //XSS
-$hook = strip_tags(urldecode($hook)); //XSS
+$mode = optional_param('mode'); // categories if by category?
+$hook = optional_param('hook'); // CategoryID
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
diff --git a/mod/glossary/editcategories.php b/mod/glossary/editcategories.php
index 8e0f567bac..4bc94c8e03 100644
--- a/mod/glossary/editcategories.php
+++ b/mod/glossary/editcategories.php
@@ -6,9 +6,6 @@
 require_once("lib.php");
 require_variable($id); // Course Module ID, or
- optional_variable($mode); // cat
- optional_variable($hook,0); // category ID
- optional_variable($action); // what to do
 optional_variable($usedynalink); // category ID
 optional_variable($confirm); // confirm the action
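Review bot: In mod/glossary/deleteentry.php the numeric inputs `$id`, `$entry` and `$confirm` still arrive through `require_variable()`/`optional_variable()`, so on a page that deletes data nothing visible here coerces them to integers while the string parameters are now cleaned. Coerce them before use, e.g. `$id = intval($id);` and `$entry = intval($entry);`, or move them to the new helpers in the same change. The other files in this patch leave their ids on the old helpers too (`$id`, `$eid`, `$cid`, `$e`, `$entry`, `$displayformat`), and in approve.php, edit.php, print.php and view.php `$id` is passed to `get_record("course_modules", "id", $id)` in the visible context lines.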
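Review bot: In mod/glossary/edit.php `optional_param('mode')` and `optional_param('hook')` are called without a default, whereas the removed `strip_tags(urldecode(...))` lines always left a string in `$mode` and `$hook` (empty when the parameter was absent). If the helper returns NULL or false for a missing parameter (its default is not visible in this patch), later strict comparisons, `isset()` tests or URL building may behave differently. Passing the empty string explicitly, `$mode = optional_param('mode', '');` and `$hook = optional_param('hook', '');`, keeps the old behaviour. The same applies to the default-less calls in deleteentry.php, editcategories.php, exportentry.php, formats.php and view.php.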
@@ -16,9 +13,9 @@
 $name = clean_text($name);
- $action = strip_tags(urldecode($action)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
- $mode = strip_tags(urldecode($mode)); //XSS
+ $action = optional_param('action'); // what to do
+ $hook = optional_param('hook',0); // category ID
+ $mode = optional_param('mode'); // cat
 $action = strtolower($action);
diff --git a/mod/glossary/exportentry.php b/mod/glossary/exportentry.php
index aa21966eca..59c45f52a8 100644
--- a/mod/glossary/exportentry.php
+++ b/mod/glossary/exportentry.php
@@ -5,11 +5,9 @@
 require_variable($id); // course module ID
 require_variable($entry); // Entry ID
 optional_variable($confirm); // confirmation
- optional_variable($mode);
- optional_variable($hook);
- $hook = strip_tags(urldecode($hook)); //XSS
- $mode = strip_tags(urldecode($mode)); //XSS
+ $hook = optional_param('hook');
+ $mode = optional_param('mode');
 global $THEME, $USER, $CFG;
diff --git a/mod/glossary/formats.php b/mod/glossary/formats.php
index f1fdc07a02..c218603653 100644
--- a/mod/glossary/formats.php
+++ b/mod/glossary/formats.php
@@ -6,9 +6,8 @@
 global $CFG, $THEME;
 require_variable($id);
- optional_variable($mode);
- $mode = strip_tags(urldecode($mode)); //XSS
+ $mode = optional_param('mode');
 require_login();
 if ( !isadmin() ) {
diff --git a/mod/glossary/print.php b/mod/glossary/print.php
index 326120cedd..1bd38bac7a 100644
--- a/mod/glossary/print.php
+++ b/mod/glossary/print.php
@@ -6,16 +6,13 @@
 require_once("lib.php");
 require_variable($id); // Course Module ID
- require_variable($mode,"letter"); // mode to show the entries
- optional_variable($hook,"ALL"); // what to show
- optional_variable($sortkey,"UPDATE"); // Sorting key
 optional_variable($sortorder,"asc"); // Sorting order
 optional_variable($offset); // number of entries to bypass
 optional_variable($displayformat,-1);
- $mode = strip_tags(urldecode($mode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
- $sortkey = strip_tags(urldecode($sortkey)); //XSS
+ $mode = required_param('mode'); // mode to show the entries
+ $hook = optional_param('hook','ALL'); // what to show
+ $sortkey = optional_param('sortkey','UPDATE'); // Sorting key
 if (! $cm = get_record("course_modules", "id", $id)) {
 error("Course Module ID was incorrect");
diff --git a/mod/glossary/view.php b/mod/glossary/view.php
index b7496ec415..9a3a741009 100644
--- a/mod/glossary/view.php
+++ b/mod/glossary/view.php
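Review bot: In mod/glossary/print.php only `mode`, `hook` and `sortkey` move to the new helpers; `$sortorder`, `$offset` and `$displayformat` stay on `optional_variable()`, although view.php in this same patch migrates `sortorder` and `offset`. That leaves the two pages treating the same request parameters differently, and the sort order and offset here have no visible cleaning. Convert them in the same way, e.g. `$sortorder = optional_param('sortorder','asc');`, and do likewise for `offset`. Separately, the old `require_variable($mode,"letter")` carried a `"letter"` argument, which suggests a default was intended; if so, `optional_param('mode','letter')` would express it, whereas `required_param('mode')` makes a missing mode an error.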
@@ -13,29 +13,15 @@
 optional_variable($tab,GLOSSARY_NO_VIEW); // browsing entries by categories?
- optional_variable($mode,""); // [ "term" | "entry" | "cat" | "date" |
- // "letter" | "search" | "author" | "approval" ]
- optional_variable($hook,""); // the term, entry, cat, etc... to look for based on mode
-
- optional_variable($fullsearch,0); // full search (concept and definition) when searching?
-
- optional_variable($sortkey,""); // Sorted view:
- // [ CREATION | UPDATE | FIRSTNAME | LASTNAME |
- // concept | timecreated | ... ]
- optional_variable($sortorder,""); // it defines the order of the sorting (ASC or DESC)
-
- optional_variable($offset,0); // entries to bypass (for paging purpouses)
-
- optional_variable($show,""); // [ concept | alias ] => mode=term hook=$show
 optional_variable($displayformat,-1); // override of the glossary display format
- $mode = strip_tags(urldecode($mode)); //XSS
- $hook = strip_tags(urldecode($hook)); //XSS
- $fullsearch = strip_tags(urldecode($fullsearch)); //XSS
- $sortkey = strip_tags(urldecode($sortkey)); //XSS
- $sortorder = strip_tags(urldecode($sortorder)); //XSS
- $offset = strip_tags(urldecode($offset)); //XSS
- $show = strip_tags(urldecode($show)); //XSS
+ $mode = optional_param('mode'); // term entry cat date letter search author approval
+ $hook = optional_param('hook'); // the term, entry, cat, etc... to look for based on mode
+ $fullsearch = optional_param('fullsearch',0);// full search (concept and definition) when searching?
+ $sortkey = optional_param('sortkey'); // Sorted view: CREATION | UPDATE | FIRSTNAME | LASTNAME...
+ $sortorder = optional_param('sortorder'); // it defines the order of the sorting (ASC or DESC)
+ $offset = optional_param('offset',0); // entries to bypass (for paging purpouses)
+ $show = optional_param('show'); // [ concept | alias ] => mode=term hook=$show
 if (!empty($id)) {
 if (! $cm = get_record("course_modules", "id", $id)) {
--
2.39.5
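Review bot: In mod/glossary/view.php `sortkey` and `sortorder` are free-form request strings whose valid values form a short fixed list (the trailing comments name CREATION, UPDATE, FIRSTNAME, LASTNAME and ASC/DESC), yet nothing in the hunk restricts them to that list. If they later reach a query's ORDER BY clause or are echoed into paging links (that code is outside the hunk), tag stripping alone is not the right control. Compare them against the allowed values and fall back to the page default otherwise, e.g. `if (!in_array(strtoupper($sortorder), array('ASC','DESC'))) { $sortorder = ''; }`. `$fullsearch` and `$offset` are numeric and can simply be passed through `intval()`.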